| Max CVSS | 6.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3577 | 5.8 |
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi
|
27-10-2023 - 15:15 | 21-08-2014 - 14:55 | |
| CVE-2015-0226 | 5.0 |
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via
|
23-07-2019 - 23:15 | 30-10-2017 - 14:29 | |
| CVE-2015-0227 | 5.0 |
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
|
04-10-2018 - 10:29 | 12-02-2015 - 16:59 | |
| CVE-2015-1796 | 4.3 |
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an en
|
30-11-2016 - 02:59 | 08-07-2015 - 15:59 | |
| CVE-2014-8175 | 6.0 |
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
|
09-07-2015 - 15:44 | 08-07-2015 - 15:59 |